

Far-sighted  Diagnosis  of  Active  Systems 

Roberto Garatti, Gianfranco Lamperti and Marina Zanella


Abstract. Active systems are a class of discrete-event systems modeled as networks of nondeterministic automata communicating through either synchronous or asynchronous connection links. The model-based diagnosis of an active system is carried out by first reconstructing its behavior based on the observation, from which faults are later derived. The complexity of behavior reconstruction is exacerbated by the possibility of queuing events within links, which makes it essential to simulate the order in which events are buffered within links. Unfortunately, some sequences of events may lead to blind alleys in the search space. This is especially critical if events exchanged among components are assumed to be uncertain, as the number of alternative sequences of queued events is then even larger. Therefore, behavior reconstruction without any prospection in the search space is generally bound to detrimental backtracking. To make diagnosis of active systems more efficient, we present an off-line technique for processing the models inherent to the system at hand so as to automatically generate prospection knowledge relevant to the mode in which events are produced and consumed over links. Such knowledge is then exploited on-line, when the diagnostic engine is running, to guide the search process, thus reducing both time and space.

1 INTRODUCTION 

Diagnosis of discrete-event systems (DESs) is a complex and challenging task that has been receiving increasing interest from both the model-based diagnosis community [9], within the AI area, and the fault detection and isolation (FDI) community [16, 8, 10], within the automatic control area. The currently shared view is that, in the general case, the specific faults cannot be inferred without first finding out what has happened to the system to be diagnosed. Once the system evolution is available, the sets of candidate faults can be derived from it.

In this respect, in spite of slightly different terminologies, such as histories [2], situation histories or narratives [4], paths [5], and trajectories [11, 6], all the distinct approaches describe the evolution of a DES as a sequence interleaving states and transitions, since the favorite behavioral models of DESs in the literature are automata. Based on the method for tracking the evolutions of the system that explain a given observation, two broad categories of approaches to diagnosis of DESs can be singled out:

• Those  that  first  generate  (a  concise/partial  model  of)  all  possible 
evolutions  and  then  retrieve  only  the  evolutions  that  explain  the 
observation; 

• Those  that  generate  in  one  shot  the  evolutions  explaining  the 
observation. 

The first category includes some relevant works from both the automatic control area [19, 20, 7, 15] and the AI area [12, 6]. Embodied in the second category are some approaches of the AI area [2, 11, 17].

Since  finding  out  the  system  evolutions  is  a computationally  ex- 
pensive and,  therefore,  inefficient  process  (see,  for  instance,  [18] 
about  the  computational  difficulties  of  the  diagnoser  approach 
[19,  20],  or  the  worst  case  computational  complexity  analysis  in 
[2],  or  the  discussion  in  [11]),  most  of  the  approaches  exploit  a 
trade-off  between  off-line  and  on-line  computation. 

Focusing on the second category outlined above, the decentralized diagnoser approach [17] builds off-line a local diagnoser for each component. Such a diagnoser is an automaton whose states and (observable) transitions are labeled with compiled knowledge about unobservable paths and interacting components, respectively. Each local diagnoser is employed on-line both for a more efficient reconstruction of all the possible evolutions of the relevant component that comply with the observation and for a more efficient merging of the histories of distinct components into global system histories.
This  paper  applies  knowledge  compilation  to  the  active  system 
approach  [2,  3],  to  which  purpose  it  isolates  a kind  of  knowledge, 
implicit  in  the  models  of  the  structure  and  behavior  of  the  system 
at  hand,  that  can  be  compiled  off-line  in  order  to  speed  up  on-line 
execution.  The  framework  is  that  of  active  systems,  a class  of  DESs 
modeled  as  networks  of  nondeterministic  automata  communicating 
through  directed  links.  If  an  active  system  includes  one  or  more 
asynchronous  buffered  links,  its  reaction  to  an  event  coming  from 
the  external  world  is  assumed  to  continue  until  there  is  no  event 
left  in  the  links.  The  component  that  sends  events  on  a link  is  the 
event  producer  and  that  extracting  them  from  the  link  is  the  con- 
sumer. The  knowledge  we  compile  is  actually  that  inherent  to  the 
producer-consumer  relationships  between  components.  In  particular, 
we  present,  by  means  of  an  example: 

• An  extension  of  both  the  modeling  primitives  and  the  on-line 
‘short-sighted’  evolution  reconstruction  method  so  as  to  cope  with 
uncertain  events; 

• A method  for  generating  off-line,  under  the  form  of  a determinis- 
tic automaton,  called  a prospection  graph,  the  model  of  the  way 
events  are  exchanged  over  one  or  more  links; 

• A ‘far-sighted’  method  for  exploiting  prospection  graphs  on-line 
while  reconstructing  the  evolutions  of  (sub)systems. 

Finally, the computational advantages of far-sighted diagnosis are discussed and some conclusions are drawn.

2 ACTIVE  SYSTEMS  WITH  UNCERTAIN 
EVENTS 

Topologically, an active system $\Sigma$ is a network of components which are connected to one another through links. Each component is completely modeled by an automaton which reacts to events coming either from the external world or from neighboring components through links. Formally, the automaton is a 6-tuple

$(S, E_{in}, \mathbb{I}, E_{out}, \mathbb{O}, T)$

where $S$ is the set of states, $E_{in}$ the set of input events, $\mathbb{I}$ the set of input terminals, $E_{out}$ the set of output events, $\mathbb{O}$ the set of output terminals, and $T$ the (nondeterministic) transition function:

$T : S \times E_{in} \times \mathbb{I} \mapsto 2^{S}$.

A transition from state $S$ to state $S'$, which is triggered by the input event $\alpha = (E, I)$, $E \in E_{in}$, $I \in \mathbb{I}$, and generates the set $\beta = \{(E_1, O_1), \ldots, (E_n, O_n)\}$ of output events, $E_k \in E_{out}$, $O_k \in \mathbb{O}$, $k \in [1..n]$, is denoted by

$T = S \xrightarrow{\alpha \mid \beta} S'$.

Components are implicitly equipped with three virtual terminals, the standard input ($In \in \mathbb{I}$) for events coming from the external world, the standard output ($Out \in \mathbb{O}$) for events directed toward the external world (messages), and the fault terminal ($Flt \in \mathbb{O}$) for modeling faulty transitions.

An event $(E, Flt)$ is a fault event. The approach assumes that both nominal and faulty behavior of each component are specified in the automaton. A fault event is not exchanged among components. Rather, it is a formal artifice to describe the faulty behavior of components uniformly. The names of fault events are supposed to be informative as to the specific fault affecting the component when the relevant transition is performed¹.

An  event  may  be  uncertain  in  nature,  that  is,  represented  by  a 
disjunction  of  possible  values.  Links  are  the  means  of  storing  the 
events  exchanged  between  components. 

Each link $L$ is characterized by a 4-tuple

$(I, O, \chi, P)$

where $I$ is the input terminal (connected with a component output terminal), $O$ the output terminal (connected with a component input terminal), $\chi$ the capacity, that is, the maximum number of queued events, and $P$ the saturation policy, which dictates the effect of the triggering of a transition $T$ attempting to insert a new event $E$ into $L$ when $L$ is saturated, that is, when the length of the queue equals $\chi$. Three cases are possible:

• LOSE:  E is  lost; 

• OVERRIDE:  E replaces  the  last  event  in  the  queue  of  L; 

• WAIT:  T cannot  be  triggered  until  L becomes  unsaturated,  that 
is,  until  at  least  one  event  in  L is  consumed. 

The queue domain $\mathcal{Q}$ of $L$ is the set of possible sequences (queues) of events in $L$. The length of the queue $Q$ of events incorporated in $L$ is denoted by $|Q|$.

The polymorphic $Link$ function is defined as follows. Let

$\alpha = (E, \theta)$

represent an event relevant to a terminal $\theta$. Then

$Link(\alpha) = L \mid L$ is the link connected with $\theta$.

No more than one link can be connected with a component terminal. If $\theta$ is a virtual terminal, then $Link(\alpha) = null$. Let

$\beta = \{(E_1, \theta_1), \ldots, (E_n, \theta_n)\}$

be a set of events relevant to terminals $\theta_i$, $i \in [1..n]$, respectively. Then

$Link(\beta) = \{L_\beta \mid L_\beta = Link(\varepsilon), \varepsilon \in \beta\}$.

¹ For example, consider a breaker which is in the state open and is expected to change state to close when it receives a command (nominal behavior). The possible misbehavior of the breaker can be defined by inserting a faulty transition, from state open to open, that generates the fault event $(stuckToOpen, Flt)$.

Figure 1. System $\Psi$ and models of components $X$ (top) and $Y$ (bottom).

Initially, $\Sigma$ is in a quiescent state $\Sigma_0$, wherein all links are empty. At the arrival of an event from the external world, $\Sigma$ becomes reacting, thereby making a series of transitions until a final quiescent state is reached, wherein all links are empty anew. This reaction yields a sequence of observable events, the messages, which make up a system observation $OBS(\Sigma)$.

Let $\Sigma_0$ denote the initial state of system $\Sigma$. Based on a diagnostic problem

$\wp(\Sigma) = (OBS(\Sigma), \Sigma_0)$

a reconstruction of the system reaction is carried out, which yields an active space, that is, a graph representing the whole set of candidate histories, each history being a path from $\Sigma_0$ to a final state, in other terms, a sequence of component transitions which explains $OBS(\Sigma)$.

Candidate diagnoses are eventually distilled from the active space, each diagnosis being a set of faulty components, that is, those components which made at least one faulty transition during a candidate system history.

Example 1. Displayed in the center of Figure 1 is a system $\Psi$, where $X$ and $Y$ are components, while $L_1$ and $L_2$ are links. Both components are endowed with an input terminal $I$ and an output terminal $O$. For both links we assume $\chi = 1$ and $P = WAIT$. The behavioral models of $X$ and $Y$ are displayed on the top and on the bottom, respectively. Accordingly, $Y$ involves three states ($Y_1 \ldots Y_3$) and four transitions ($y_1 \ldots y_4$), one of which is faulty ($y_3$) (states and transitions are denoted by capital and small letters, respectively). For instance, transition $y_4$ is triggered by the input event $(e_5, I)$ and generates the set of output events $\{(e_2, O), (d, Out)\}$, where the former is directed toward $X$ on link $L_2$, while the latter is a message labeled $d$ ($y_4$ is said to be observable). Transition $y_2$ involves the input event $(\{e_1, e_3\}, I)$, meaning that $y_2$ may be triggered either by $e_1$ or by $e_3$. Considering the model of $X$, note that, when triggered, transition $x_2$ generates the uncertain event $(\{e_3, e_5\}, O)$, meaning that either $e_3$ or $e_5$ is randomly generated (no assumption is made about the likelihood of event generation). Likewise, $x_3$ generates the uncertain event $(\{e_3, \varepsilon\}, O)$, meaning that either $e_3$ or nothing is generated ($\varepsilon$ denotes the null event). □


3 SHORT-SIGHTED  DIAGNOSIS 


The main task relevant to the resolution of a diagnostic problem $\wp(\Sigma) = (OBS(\Sigma), \Sigma_0)$ is the reconstruction of the system reaction so as to make up the relevant active space $Act(\wp(\Sigma))$. A node $N$ in the search space is identified by three fields, $N = (\sigma, \Im, Q)$, where:

• $\sigma = (S_1, \ldots, S_n)$ is the record of states of the system components, each $S_i$, $i \in [1..n]$, being a state relevant to a component $C_i$ in $\Sigma$ ($n$ is the number of components in $\Sigma$);

• $\Im$ is the index of $OBS(\Sigma)$, that is, an integer ranging from 0 to the number of messages (length) of $OBS(\Sigma)$, which implicitly denotes the prefix of the observation composed of the first $\Im$ messages;

• $Q = (Q_1, \ldots, Q_\ell)$ is the record of queues of the $\ell$ links in $\Sigma$.

Node $N$ is said to be final when $\Im$ equals the length of $OBS(\Sigma)$ and all links are empty. The search for the nodes of the active space is started at the initial node $N_0 = (\Sigma_0, 0, (\langle\rangle, \ldots, \langle\rangle))$, where all link queues are empty. Each successor node of a given node is obtained by applying a component transition that is consistent with both the system topology and the observation. An applied transition is an edge of the search space. When the reconstruction process is carried out in one step (monolithically) without any prospection knowledge (short-sightedly), it can be described by Algorithm 1, where nodes and edges generated during the search are stored in variables $\mathcal{N}$ and $\mathcal{E}$, respectively.

Algorithm 1. (Short-sighted Reconstruction)

1. $\mathcal{N} = \{N_0\}$; $\mathcal{E} = \emptyset$; ($N_0$ is unmarked)

2. Repeat Steps 3 through 5 until all nodes in $\mathcal{N}$ are marked;

3. Get an unmarked node $N = (\sigma, \Im, Q)$ in $\mathcal{N}$;

4. For each $i$ in $[1..n]$, for each transition $T$ within the model of component $C_i$, if $T$ is triggerable, that is, if its triggering event is available within the link and $T$ is consistent with both $OBS(\Sigma)$ and the link policy (when $T$ generates output events on non-virtual terminals), do the following steps:

(a) Create a node $(N' = (\sigma', \Im', Q')) := N$; ($N'$ is created as a copy of $N$)

(b) $\sigma'[i] :=$ the state reached by $T$;

(c) If $T$ is observable, then $\Im' := \Im + 1$; (a message is generated)

(d) If the triggering event $E$ of $T$ is relevant to an internal link $L_j$, then remove $E$ from $Q'[j]$;

(e) Insert the internal output events of $T$ into the relevant queues in $Q'$;

(f) If $N' \notin \mathcal{N}$ then insert $N'$ into $\mathcal{N}$; ($N'$ is unmarked)

(g) Insert edge $N \xrightarrow{T} N'$ into $\mathcal{E}$;

5. Mark $N$;

6. Remove from $\mathcal{N}$ all the nodes and from $\mathcal{E}$ all the edges that are not on a path from the initial node $N_0$ to a final state in $\mathcal{N}$.

The algorithm aims to make up all the nodes which are reachable from the initial node under the given observation. To this end, it considers, one at a time, all the nodes which have been reached already (those in $\mathcal{N}$) and have not yet been processed (the unmarked ones). For each of them, it attempts to find a transition that is triggerable by a component in the corresponding state. If so, it generates the target node $N'$ with the appropriate values $\sigma'$, $\Im'$, and $Q'$. If the new node was not created already, it is inserted into $\mathcal{N}$ (note that two nodes which differ in the $\Im$ field only have to be considered different, as the mode in which messages have been generated differs). The corresponding edge $N \xrightarrow{T} N'$ is inserted into $\mathcal{E}$ too. Finally, when there are no more nodes to be processed (all nodes in $\mathcal{N}$ are marked), the search space is pruned by eliminating the inconsistent nodes, that is, those that are on a blind alley.

It is worthwhile highlighting that the search process does not terminate at a final node. In fact, the system might continue to react and loop on unobservable paths. In other words, when a final node is met in the search, it is inserted into $\mathcal{N}$ as an unmarked node like all other nodes, since in principle unobservable paths might happen to leave it.

When uncertain output events are involved, several new nodes $N'$ are to be generated for the same transition $T$, specifically, one for each combination of possible values within each disjunction. For example, since transition $x_2$ in Figure 1 involves the uncertain output event $(\{e_3, e_5\}, O)$, two target nodes will be generated, one for $e_3$ and one for $e_5$. If the set of output events included several uncertain events, all possible combinations would have to be enumerated.

Figure 2. Short-sighted reconstruction space (see Example 2).

Example 2. Shown in Figure 2 is the reconstruction space generated short-sightedly for the diagnostic problem $\wp(\Psi) = (OBS(\Psi), \Psi_0)$, where $\Psi$ is the system outlined in Figure 1, $OBS(\Psi) = (a, b, c, d)$, and $\Psi_0 = (X_1, Y_1)$. Each node is depicted by an ellipse, wherein

• $\sigma = (X_i, Y_j)$ is the pair of component states;

• $\Im$ is the prefix of the observation generated so far;

• $Q = (Q_1, Q_2)$ is the pair of link queues.

Edges are marked by the corresponding component transitions, possibly qualified by the relevant chosen label when the involved output event is uncertain. Dotted edges denote faulty transitions. Final nodes are depicted as double ellipses. The dashed part of the graph corresponds to inconsistent states, which are almost half the search space. Owing to cycles in the graph (edges marked by $x_2$), the active space includes an unbounded number of candidate histories. However, only two candidate diagnoses are possible, namely $\{Y\}$ and $\{X, Y\}$. Note that, although not relevant to our example, the replication of the same faulty transition in a cycle does not change the diagnosis. A finer-grained diagnosis can be defined, as in [2], called deep diagnosis. The latter is a set of pairs $(C, f)$, where $C$ is a component and $f$ a fault event. This way, even if not relevant to our example, where each component model includes a single faulty transition, it is possible to know all the faulty transitions performed by each misbehaving component. □
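The following Python program is an added worked example, not code from the paper: it implements Algorithm 1 (short-sighted reconstruction) on a constructed two-component system, a producer P and a consumer C joined by a single link with $\chi = 1$ and $P = WAIT$ (not the paper's $\Psi$), against the constructed observation $(a, b, d)$. The node fields $(\sigma, \Im, Q)$, the $Ins$ function, the marking loop and the final pruning of step 6 follow the definitions above; the system, its transition names p1, p2, c1, c2, c3 and its event names are assumptions made for the example. Transition p1 emits the uncertain event $\{x, y\}$ and nothing ever consumes $y$, so the node reached through $y$ is a blind alley that the short-sighted search enters and only discards in step 6; p2 is blocked by the WAIT policy while the link is saturated; the faulty c3 yields a second candidate history, hence two candidate diagnoses.

```python
from collections import namedtuple
from itertools import product

EPS = None                         # the null event epsilon
IN, OUT, FLT = "In", "Out", "Flt"  # virtual terminals: external input, messages, faults
# Transition from src to dst, triggered by input event (ev, term), generating outputs,
# each (set_of_alternative_values, terminal); ev is a set too (uncertain input events).
Transition = namedtuple("Transition", "name src ev term outputs dst")

# Constructed two-component system (not the paper's Psi): P produces on link L, C consumes.
# p1 emits the uncertain event {x, y}; nothing ever consumes y, so y leads to a blind alley.
COMPONENTS = {
    "P": [Transition("p1", "P0", {"go"}, IN, [({"x", "y"}, "O"), ({"a"}, OUT)], "P1"),
          Transition("p2", "P1", {"go"}, IN, [({"z"}, "O"), ({"b"}, OUT)], "P0")],
    "C": [Transition("c1", "C0", {"x"}, "I", [], "C1"),
          Transition("c2", "C1", {"z"}, "I", [({"d"}, OUT)], "C0"),
          Transition("c3", "C1", {"z"}, "I", [({"d"}, OUT), ({"stuckAtC1"}, FLT)], "C1")],
}
LINKS = [{"ends": {("P", "O"), ("C", "I")}, "cap": 1, "policy": "WAIT"}]  # one link, chi = 1
OBS = ("a", "b", "d")                                                     # constructed observation
FAULTY = {t.name: c for c, ts in COMPONENTS.items() for t in ts if any(k == FLT for _, k in t.outputs)}

def link_index(comp, term):
    """Link(alpha): index of the link connected with a component terminal (None if virtual)."""
    return next((j for j, lk in enumerate(LINKS) if (comp, term) in lk["ends"]), None)

def ins(queue, e, cap, policy):
    """Ins(Q, e) of the paper; None means a WAIT link is saturated and T cannot be triggered."""
    if e is EPS or (len(queue) == cap and policy == "LOSE"):
        return queue
    if len(queue) < cap:
        return queue + (e,)
    return queue[:-1] + (e,) if policy == "OVERRIDE" else None

def successors(obs, node):
    """Step 4 of Algorithm 1: every (edge label, successor node) reachable from node."""
    sigma, idx, queues = node
    for ci, comp in enumerate(COMPONENTS):
        for t in COMPONENTS[comp]:
            if t.src != sigma[ci]:
                continue
            qs = list(queues)
            if t.term != IN:                       # triggering event must be Head(Q) of its link
                j = link_index(comp, t.term)
                if not qs[j] or qs[j][0] not in t.ev:
                    continue
                qs[j] = qs[j][1:]                  # step (d): consume it
            msg = next((min(v) for v, k in t.outputs if k == OUT), None)
            if msg is not None and (idx >= len(obs) or obs[idx] != msg):
                continue                           # observable T must emit the next message
            internal = [(v, link_index(comp, k)) for v, k in t.outputs if k not in (OUT, FLT)]
            for choice in product(*(sorted(v, key=str) for v, _ in internal)):  # uncertain events
                qs2, ok = list(qs), True
                for e, (_, j) in zip(choice, internal):      # step (e): insert into link queues
                    qs2[j] = ins(qs2[j], e, LINKS[j]["cap"], LINKS[j]["policy"])
                    if qs2[j] is None:
                        ok = False
                        break
                if ok:
                    sigma2 = sigma[:ci] + (t.dst,) + sigma[ci + 1:]
                    label = t.name + ("[%s]" % ",".join(e or "eps" for e in choice) if choice else "")
                    yield label, (sigma2, idx + 1 if msg is not None else idx, tuple(qs2))

def reconstruct(obs, sigma0):
    """Algorithm 1: explore the node space, then drop nodes not on a path to a final node."""
    n0 = (tuple(sigma0), 0, tuple(() for _ in LINKS))
    nodes, edges, todo = {n0}, [], [n0]
    while todo:                                    # todo holds the unmarked nodes
        n = todo.pop()
        for label, n2 in successors(obs, n):
            edges.append((n, label, n2))
            if n2 not in nodes:
                nodes.add(n2); todo.append(n2)
    finals = {n for n in nodes if n[1] == len(obs) and not any(n[2])}
    keep, stack = set(finals), list(finals)
    while stack:                                   # step 6: backward reachability from finals
        x = stack.pop()
        for a, _, b in edges:
            if b == x and a not in keep:
                keep.add(a); stack.append(a)
    return n0, keep, [e for e in edges if e[0] in keep and e[2] in keep], finals

def diagnoses(n0, edges, finals):
    """Candidate diagnoses: sets of components that made a faulty transition on some history.
    Pairs (node, fault set) are tracked, so cycles in the active space still terminate."""
    seen, stack = {(n0, frozenset())}, [(n0, frozenset())]
    while stack:
        n, d = stack.pop()
        for a, label, b in edges:
            tname = label.split("[")[0]
            d2 = d | {FAULTY[tname]} if tname in FAULTY else d
            if a == n and (b, d2) not in seen:
                seen.add((b, d2)); stack.append((b, d2))
    return {d for n, d in seen if n in finals}

def short_sighted_example():
    n0, nodes, edges, finals = reconstruct(OBS, ("P0", "C0"))
    return {"nodes": nodes, "edges": edges, "finals": finals, "diagnoses": diagnoses(n0, edges, finals)}

if __name__ == "__main__":
    r = short_sighted_example()
    print(len(r["nodes"]), "consistent nodes;", "diagnoses:", sorted(sorted(d) for d in r["diagnoses"]))
```

Seven nodes are generated, one of them (P in P1, C in C0, queue $\langle y \rangle$) with no successor at all; step 6 removes it, leaving six consistent nodes, two final nodes and the candidate diagnoses $\emptyset$ and $\{C\}$. The diagnosis routine walks pairs (node, fault set) rather than paths, which is what keeps it finite when the active space contains cycles such as those of Figure 2.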

4 FAR-SIGHTED  DIAGNOSIS 

The essential problem with short-sighted diagnosis lies in the lack of any prospection in the search space as to the consistency of the link queues. In other words, the inability to recognize that a given configuration of $Q$ is bound to a 'blind alley' forces the reconstruction algorithm to uselessly explore possibly large parts of the search space. In order to overcome this limitation, prospection knowledge can be automatically generated off-line based on the system model. Considering Figure 2, such knowledge will allow the reconstruction process to avoid entering the inconsistent sub-space through $y_2$.

The basic idea is to view a link $L$ as a buffer in which a producer component $C^p$ generates events that are consumed by a consumer component $C^c$. That is, $L$ connects an output terminal of $C^p$ to an input terminal of $C^c$. The way events are produced and consumed in $L$ is constrained both by the characteristics of the link (capacity and saturation policy) and by the models of $C^p$ and $C^c$.

4.1  Prospection  graphs 

Let $L = (I, O, \chi, P)$ be a link from output terminal $O^p$ of component $C^p$ to input terminal $I^c$ of component $C^c$, with queue domain $\mathcal{Q}$. Let $M^p = (S^p, E^p_{in}, \mathbb{I}^p, E^p_{out}, \mathbb{O}^p, T^p)$ and $M^c = (S^c, E^c_{in}, \mathbb{I}^c, E^c_{out}, \mathbb{O}^c, T^c)$ be the models of $C^p$ and $C^c$, respectively. Let

$M^{pn} = (S^{pn}, E^{pn}, T^{pn})$

be the nondeterministic automaton obtained from $M^p$ in such a way that

• $S^{pn} = S^p$ is the set of states;

• $E^{pn} \subseteq T^p \cup \{\varepsilon\}$ is the set of events;

• $T^{pn} : S^{pn} \times E^{pn} \mapsto 2^{S^{pn}}$ is the transition function.

The transition function $T^{pn}$ is obtained from $T^p$ as follows:

$\forall T = S \xrightarrow{\alpha \mid \beta} S' \in T^p \quad \begin{cases} S \xrightarrow{T} S' \in T^{pn} & \text{if } L \in Link(\beta) \\ S \xrightarrow{\varepsilon} S' \in T^{pn} & \text{otherwise.} \end{cases}$

Similarly, let

$M^{cn} = (S^{cn}, E^{cn}, T^{cn})$

be the nondeterministic automaton obtained from $M^c$ in such a way that

• $S^{cn} = S^c$ is the set of states;

• $E^{cn} \subseteq T^c \cup \{\varepsilon\}$ is the set of events;

• $T^{cn} : S^{cn} \times E^{cn} \mapsto 2^{S^{cn}}$ is the transition function.

The transition function $T^{cn}$ is obtained from $T^c$ as follows:

$\forall T = S \xrightarrow{\alpha \mid \beta} S' \in T^c \quad \begin{cases} S \xrightarrow{T} S' \in T^{cn} & \text{if } Link(\alpha) = L \\ S \xrightarrow{\varepsilon} S' \in T^{cn} & \text{otherwise.} \end{cases}$

Let $\hat{M}^p = (\hat{S}^p, \hat{E}^p, \hat{T}^p)$ and $\hat{M}^c = (\hat{S}^c, \hat{E}^c, \hat{T}^c)$ be the deterministic automata equivalent to $M^{pn}$ and $M^{cn}$, respectively. A prospection state $\mathcal{E}$ of $L$ is a triple

$\mathcal{E} = (S^p, S^c, Q) \in \hat{S}^p \times \hat{S}^c \times \mathcal{Q}$.

Let $\mathcal{E}$ be a prospection state and $S \xrightarrow{T} S' \in (\hat{T}^p \cup \hat{T}^c)$, $S \in \{S^p, S^c\}$, $T = S \xrightarrow{\alpha \mid \beta} S' \in (T^p \cup T^c)$. Let $Q$ be a queue of events in $L$ and

• $Head(Q)$ denote the first consumable event in $Q$;

• $Tail(Q)$ denote the sequence of events in $Q$ following the first event;

• $App(Q, e)$ denote the queue obtained by appending $e$ to $Q$;

• $Repl(Q, e)$ denote the queue obtained by replacing the last event in $Q$ with $e$.

The $Next$ function yields the set of next prospection states as follows:

$Next(\mathcal{E}, T) \doteq \{\mathcal{E}' \mid \mathcal{E}' \in Next^p(\mathcal{E}, T), T \in T^p\} \cup \{\mathcal{E}' \mid \mathcal{E}' \in Next^c(\mathcal{E}, T), T \in T^c\}$

where

$Next^p(\mathcal{E}, T) \doteq \{\mathcal{E}' \mid \mathcal{E}' = (S', S^c, Q'), (E, O^p) \in \beta, e \in E, Q' = Ins(Q, e), (|Q| < \chi \text{ or } (|Q| = \chi, (e = \varepsilon \text{ or } P \in \{LOSE, OVERRIDE\})))\}$,

$Ins(Q, e) = \begin{cases} App(Q, e) & \text{if } |Q| < \chi \\ Q & \text{if } |Q| = \chi, (e = \varepsilon \text{ or } P = LOSE) \\ Repl(Q, e) & \text{if } |Q| = \chi, P = OVERRIDE \end{cases}$

and

$Next^c(\mathcal{E}, T) \doteq \{\mathcal{E}' \mid \mathcal{E}' = (S^p, S', Q'), \alpha = (E, I^c), e \in E, Head(Q) = e, Q' = Tail(Q)\}$.

Let $\sigma_0 = (S^p_0, S^c_0)$ be the pair of initial states for $C^p$ and $C^c$, respectively. The spurious prospection graph of $L$ and $\sigma_0$ is the nondeterministic automaton

$\Gamma^s(L, \sigma_0) = (S^s, E^s, T^s, S^s_0, S^s_f)$

where

$S^s = \{\mathcal{E} \mid \mathcal{E}$ is a prospection state of $L\}$ is the set of states,

$E^s \subseteq \hat{E}^p \cup \hat{E}^c \subseteq T^p \cup T^c$ is the set of events,

$S^s_0 = (S^p_0, S^c_0, \langle\rangle)$ is the initial state,

$S^s_f = \{\mathcal{E} \mid \mathcal{E} \in S^s, \mathcal{E} = (S^p, S^c, \langle\rangle)\}$ is the set of final states,

$T^s : S^s \times E^s \mapsto 2^{S^s}$ is the transition function defined as follows:

$\mathcal{E} \xrightarrow{T} \mathcal{E}' \in T^s$ iff $\mathcal{E}' \in Next(\mathcal{E}, T)$.

A state of a spurious prospection graph which is not within a path from the initial state to a final state is an inconsistent state. Similarly, a transition entering or leaving an inconsistent state of a spurious prospection graph is an inconsistent transition.

The nondeterministic prospection graph is the nondeterministic automaton

$\Gamma^n(L, \sigma_0) = (S^n, E^n, T^n, S^n_0, S^n_f)$

obtained from $\Gamma^s(L, \sigma_0)$ by removing inconsistent states and inconsistent transitions.

The prospection graph

$\Gamma(L, \sigma_0) = (S, E, T, S_0, S_f)$

is the deterministic automaton equivalent to the nondeterministic prospection graph $\Gamma^n(L, \sigma_0)$.


Figure 3. Generation of $\Gamma^n(L_1, (X_1, Y_1))$ (see Example 3).


Example 3. Shown in the dashed box of Figure 3 are the prospection models $M^{pn}(X)$ (top) and $M^{cn}(Y)$ (bottom), inherent to link $L_1$, which are relevant to the components $X$ and $Y$ displayed in Figure 1. Depicted on the top of the box is the deterministic automaton $\hat{M}^p(X)$ equivalent to $M^{pn}(X)$. The generation of the nondeterministic prospection graph $\Gamma^n(L_1, (X_1, Y_1))$ is outlined on the right of Figure 3, where double ellipses denote final states, while dashed nodes and edges represent inconsistent states and transitions, respectively. Note that the latter include a circular path involving four states. This situation is similar to that of active systems, where cycles may stem from (possibly) final states. Within the context of prospection graphs, cycles represent repetitive patterns of link state changes (in our example, events $e_3$ and $e_5$ are repeatedly produced and consumed, that is, inserted into and removed from link $L_1$). □

Note that, essentially, the generation of a prospection graph is analogous to the generation of an active space, where

• Component  models  are  substituted  by  prospection  models; 

• Only  one  link  is  considered; 

• No  observation  index  is  considered. 

4.1.1  Generalized  prospection  graphs 

The notion of the prospection graph of a single link can be naturally extended to that of a set of links. Let $\mathbf{L} = \{L_1, \ldots, L_m\}$ be a set of links (with queue domains $\mathcal{Q}_1, \ldots, \mathcal{Q}_m$, respectively) connecting a set $\mathbf{C} = \{C_1, \ldots, C_t\}$ of components, where each component $C_i$, $i \in [1..t]$, is characterized by model

$M_i = (S_i, E_{in_i}, \mathbb{I}_i, E_{out_i}, \mathbb{O}_i, T_i)$.

Let $M^n_i = (S^n_i, E^n_i, T^n_i)$ be the nondeterministic automaton obtained from $M_i$ in such a way that

• $S^n_i = S_i$ is the set of states;

• $E^n_i \subseteq T_i \cup \{\varepsilon\}$ is the set of events;

• $T^n_i : S^n_i \times E^n_i \mapsto 2^{S^n_i}$ is the transition function.

The transition function $T^n_i$ is obtained from $T_i$ as follows:

$\forall T = S \xrightarrow{\alpha \mid \beta} S' \in T_i \quad \begin{cases} S \xrightarrow{T} S' \in T^n_i & \text{if } Relevant(\alpha, \beta, \mathbf{L}) \\ S \xrightarrow{\varepsilon} S' \in T^n_i & \text{otherwise} \end{cases}$

where

$Relevant(\alpha, \beta, \mathbf{L}) \doteq (\{Link(\alpha)\} \cup Link(\beta)) \cap \mathbf{L} \neq \emptyset$.

Let $\hat{M}_i = (\hat{S}_i, \hat{E}_i, \hat{T}_i)$ be the deterministic automaton equivalent to $M^n_i$. A generalized prospection state $\mathcal{E}$ of $\mathbf{L}$ is a pair

$\mathcal{E} = (\mathbf{S}, \mathbf{Q})$

where

$\mathbf{S} = (S_1, \ldots, S_t) \in (\hat{S}_1 \times \cdots \times \hat{S}_t)$,

$\mathbf{Q} = (Q_1, \ldots, Q_m) \in (\mathcal{Q}_1 \times \cdots \times \mathcal{Q}_m)$.

Let $\mathcal{E} = (\mathbf{S}, \mathbf{Q})$ be a generalized prospection state and

$S_i \xrightarrow{T} S'_i \in \hat{T}_i$, $i \in [1..t]$, $T = S \xrightarrow{\alpha \mid \beta} S'$.


Figure 4. Generation of the generalized prospection graph $\Gamma(\mathbf{L}, \Psi_0)$ (see Example 4).


The generalized $Next$ function yields the set of next generalized prospection states as follows:

$Next(\mathcal{E}, T) \doteq \{\mathcal{E}' \mid \mathcal{E}' = (\mathbf{S}', \mathbf{Q}'), \alpha = (E, I_\alpha),$
$\quad ((Link(I_\alpha) \notin \mathbf{L}) \text{ or } (Link(I_\alpha) = L_j, L_j \in \mathbf{L}, e \in E, Head(Q_j) = e, Q'_j = Tail(Q_j))),$
$\quad \mathbf{L}_\beta = \{L_\beta \mid L_\beta = Link(O_\beta), (E_\beta, O_\beta) \in \beta, L_\beta \in \mathbf{L}\},$
$\quad \forall L_h \in \mathbf{L}_\beta \; (e \in E_\beta, (E_\beta, O_\beta) \in \beta, L_h = Link(O_\beta), Q'_h = Ins(Q_h, e), (|Q_h| < \chi_h \text{ or } (|Q_h| = \chi_h, (e = \varepsilon \text{ or } P_h \in \{LOSE, OVERRIDE\})))),$
$\quad \forall L_k \in (\mathbf{L} - (\mathbf{L}_\beta \cup \{Link(I_\alpha)\})) \; (Q'_k = Q_k),$
$\quad S'_i = S', \; \forall x \in [1..t], x \neq i \; (S'_x = S_x)\}$.

Let $\sigma_0 = (S_{0_1}, \ldots, S_{0_t})$ be the record of initial states for the components in $\mathbf{C}$. The generalized spurious prospection graph of $\mathbf{L}$ and $\sigma_0$ is the nondeterministic automaton

$\Gamma^s(\mathbf{L}, \sigma_0) = (S^s, E^s, T^s, S^s_0, S^s_f)$

where

$S^s = \{\mathcal{E} \mid \mathcal{E}$ is a generalized prospection state of $\mathbf{L}\}$ is the set of states,

$E^s \subseteq \bigcup_{i=1}^{t} \hat{E}_i$ is the set of events,

$S^s_0 = (\sigma_0, (\langle\rangle, \ldots, \langle\rangle))$ is the initial state,

$S^s_f = \{\mathcal{E} \mid \mathcal{E} \in S^s, \mathcal{E} = (\mathbf{S}, (\langle\rangle, \ldots, \langle\rangle))\}$ is the set of final states,

$T^s : S^s \times E^s \mapsto 2^{S^s}$ is the transition function defined as follows:

$\mathcal{E} \xrightarrow{T} \mathcal{E}' \in T^s$ iff $\mathcal{E}' \in Next(\mathcal{E}, T)$.

The generalized nondeterministic prospection graph is the nondeterministic automaton

$\Gamma^n(\mathbf{L}, \sigma_0) = (S^n, E^n, T^n, S^n_0, S^n_f)$

obtained from $\Gamma^s(\mathbf{L}, \sigma_0)$ by removing inconsistent states and inconsistent transitions.

The generalized prospection graph

$\Gamma(\mathbf{L}, \sigma_0) = (S, E, T, S_0, S_f)$

is the deterministic automaton equivalent to $\Gamma^n(\mathbf{L}, \sigma_0)$.

Example 4. Shown in Figure 4 is the generation of the generalized prospection graph $\Gamma(\mathbf{L}, \Psi_0)$ relevant to the links in system $\Psi$ (see Figure 1), where $\mathbf{L} = \{L_1, L_2\}$ and $\Psi_0 = (X_1, Y_1)$. Specifically, outlined on the left are the prospection models of components $X$ and $Y$, namely $M^n(X)$ and $M^n(Y)$. Shown in the center is the generation of the generalized nondeterministic prospection graph $\Gamma^n(\mathbf{L}, \Psi_0)$ (the dashed part of the graph denotes the inconsistent search space), where consistent nodes are identified by labels $\mathcal{E}_0 \ldots \mathcal{E}_6$. Finally, displayed on the right is the corresponding deterministic prospection graph $\Gamma(\mathbf{L}, \Psi_0)$. The latter is determined based on the subset construction algorithm presented in [1], which identifies each node of the deterministic automaton by means of a subset of nodes of the nondeterministic one, specifically, those nodes that are reachable through the same marking transition. For example, since there are two edges, leaving the same state $\mathcal{E}_6$ in the nondeterministic automaton, that are marked by the same label $x_3$, the deterministic automaton will include the node identified by the subset $\{\mathcal{E}_3, \mathcal{E}_7\}$, which is reached from $\{\mathcal{E}_6\}$ by means of the (unique) edge marked by $x_3$. According to the algorithm, each node in the deterministic automaton that includes a final state of the nondeterministic one is final itself. Nodes of the deterministic automaton are identified by labels $0 \ldots 8$. □


Given a system $\Sigma$, in order to exploit the prospection knowledge in the reconstruction process, we need to create a set of $g$ prospection graphs

$\Gamma(\Sigma) = \{\Gamma(\mathbf{L}_1, \sigma_{0_1}), \ldots, \Gamma(\mathbf{L}_g, \sigma_{0_g})\}$

such that $\bigcup_{i=1}^{g} \mathbf{L}_i$ equals the whole set of links in $\Sigma$. $\Gamma(\Sigma)$ is a prospection coverage of $\Sigma$.

Algorithm 2. (Far-sighted Reconstruction)

The far-sighted reconstruction algorithm is a variation of Algorithm 1. First, the $Q$ field of a node denotes a record of $g$ states relevant to the $g$ prospection graphs in the prospection coverage $\Gamma(\Sigma)$, namely

$Q = (\gamma_1, \ldots, \gamma_g)$.

Moreover, in the initial node $N_0 = (\sigma_0, \Im_0, Q_0)$, $Q_0$ is represented by the record of the initial states of the corresponding prospection graphs, namely $(\gamma_{0_1}, \ldots, \gamma_{0_g})$. Finally, Step 4 of Algorithm 1 is changed as follows:

For each $i$ in $[1..n]$, for each transition $T$ within the model of component $C_i$, if $T$ is triggerable, that is, if the following two conditions hold

(i) $T$ is consistent with $OBS(\Sigma)$;

(ii) Let $\Pi(T) = \{\Gamma_1, \ldots, \Gamma_r\}$ be the prospection graphs in $\Gamma(\Sigma)$ that are relevant to links connected with terminals on which events are either consumed or generated by $T$; let $\bar{Q}(N) = \{\gamma_1, \ldots, \gamma_r\}$ be the elements of $Q(N)$ relevant to $\Pi(T)$; then $\forall k \in [1..r]$ ($\gamma_k \xrightarrow{T} \gamma'_k$ is an edge in $\Gamma_k$);

then do the following steps:

(a) Create a node $(N' = (\sigma', \Im', Q')) := N$;

(b) $\sigma'[i] :=$ the state reached by $T$;

(c) If $T$ is observable, then $\Im' := \Im + 1$;

(d) Replace the elements of $Q'$ relevant to $\bar{Q}(N)$ with the new prospection states $\gamma'_1, \ldots, \gamma'_r$;

(e) If $N' \notin \mathcal{N}$ then insert $N'$ into $\mathcal{N}$;

(f) Insert edge $N \xrightarrow{T} N'$ into $\mathcal{E}$.

Essentially, Algorithm 2 exploits the knowledge about the consistency of link states by means of the prospection graphs generated off-line, thereby preventing the search from entering (possibly large) inconsistent parts of the space. Of course, such a prospection is finite, so backtracking is not eliminated completely. Besides, it allows for an efficient treatment of the nondeterminism caused by uncertain events. Recall that, in short-sighted reconstruction, such situations can only be dealt with by mere enumeration of all the possible new link states generated by the collection of output events of the current transition. For example, if T generated 3 uncertain events (on three different links), each of which is represented by a disjunction of 2 values, then we would have 8 new nodes. Instead, since the prospection graphs are deterministic, with far-sighted reconstruction only one new node is generated, as at most one edge marked by T can leave each current state of the prospection graphs.
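The branching comparison in the paragraph above, as an added example (not code from the paper): a toy deterministic prospection graph, whose states, edges and labels are constructed here, drives the triggerability check of Algorithm 2, while the short-sighted expansion enumerates every combination of uncertain output values.

```python
from itertools import product

# Constructed toy prospection graph (deterministic automaton over transition
# labels), stored as (state, transition) -> next state. It mirrors Example 5:
# after x1 only y1 may fire; no edge marked y2 leaves state 1.
PROSPECTION_L1_L2 = {(0, "x1"): 1, (1, "y1"): 2, (2, "x2"): 3}


def far_sighted_step(q_record, transition, graphs):
    """Condition (ii) of Algorithm 2 restricted to the graphs relevant to T:
    each current prospection state must have an edge marked by T leaving it.
    Returns the new record of prospection states, or None when T is not
    triggerable, i.e. the blind alley is pruned before any node is created.
    Because the graphs are deterministic, at most one successor exists."""
    new_record = list(q_record)
    for i, graph in enumerate(graphs):
        nxt = graph.get((q_record[i], transition))
        if nxt is None:
            return None
        new_record[i] = nxt
    return tuple(new_record)


def short_sighted_successors(link_states, outputs, capacity):
    """Short-sighted expansion of one transition: every combination of the
    uncertain output values yields a distinct new link state (one new node).
    link_states: {link: tuple of queued events}; outputs: {link: set of
    alternative values for the event generated on that link}. A combination
    that would overflow a link of the given capacity is dropped."""
    links = sorted(outputs)
    successors = []
    for choice in product(*(sorted(outputs[link]) for link in links)):
        new_states = dict(link_states)
        for link, value in zip(links, choice):
            queue = link_states.get(link, ())
            if len(queue) >= capacity:
                break
            new_states[link] = queue + (value,)
        else:
            successors.append(new_states)
    return successors


if __name__ == "__main__":
    # Three uncertain events on three links, each a disjunction of two values.
    outs = {"L1": {"a", "b"}, "L2": {"c", "d"}, "L3": {"e", "f"}}
    print(len(short_sighted_successors({}, outs, capacity=3)))  # 8 new nodes
    print(far_sighted_step((0,), "x1", [PROSPECTION_L1_L2]))  # (1,)
    print(far_sighted_step((1,), "y2", [PROSPECTION_L1_L2]))  # None: pruned
```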

Proposition 1. Let ℘(Σ) be a diagnostic problem and ‖A‖ denote the (possibly unbounded) set of histories incorporated in an active space A. Let $\mathrm{Act}^{(1)}(\wp(\Sigma))$ and $\mathrm{Act}^{(2)}(\wp(\Sigma))$ denote the active spaces generated by Algorithm 1 and Algorithm 2, respectively. Then

$\|\mathrm{Act}^{(1)}(\wp(\Sigma))\| = \|\mathrm{Act}^{(2)}(\wp(\Sigma))\|$.




Figure  5.  Far-sighted  reconstruction  space  (see  Example  4). 

Example 5. Shown in Figure 5 is the reconstruction space for the diagnostic problem ℘(Σ) = ((a, b, c, d), (X_1, Y_1)) based on the generalized prospection graph outlined on the right of Figure 4. It is striking to compare it with the short-sighted reconstruction (based on Algorithm 1) displayed in Figure 2. While the number of consistent states (15) is necessarily equal in both reconstructions, the far-sighted reconstruction space includes one inconsistent state only, against the 14 inconsistent states of the short-sighted reconstruction space. In fact, while the two states on top of both graphs are the same, there is a right branch stemming from the latter of such states in the short-sighted reconstruction which is missing in the far-sighted reconstruction. This branching is actually disabled by prospection graph Γ({L_1, L_2}, (X_1, Y_1)), which constrains the occurrence of all the transitions involved in event exchange on the links of system Σ: according to this prospection graph, only transition y_1 is allowed to follow x_1, while y_2, which is responsible for the blind alley in Figure 2, is not. □

5 CONCLUSION 

Referring to the active system approach [2, 3] to diagnosis of DESs, this paper has shown how the off-line compilation of knowledge about event exchange between components brings a computational advantage on-line in terms of a reduction of the number of backtracking steps performed by the history reconstruction algorithm. This advantage is especially tangible when relaxing a strong assumption of all the state-of-the-art approaches to diagnosis of DESs, namely, the preciseness of events. In this work, all input and output events in behavioral models, and not only observable events as in [14], may have an imprecise value ranging over a set of labels, namely an uncertain value. In the presence of uncertain events, the search performed by short-sighted diagnosis is nondeterministic, while that carried out with the support of prospection knowledge is deterministic. Moreover, prospection graphs, once generated off-line, can be reused several times on-line for different diagnostic problems inherent to the same system, or even for the same diagnostic problem in case there are repetitive link patterns in the system structure.

A previous proposal [13], itself based on knowledge compilation, transforms the active system approach into a spectrum of approaches which, according to the classification in Section 1, range from a totally first-category version, wherein an exhaustive simulation of the system evolution is performed off-line while on-line activities are limited to rule-checking, to a totally second-category version, i.e. the original approach wherein no computation is performed off-line. Each approach falling in between consists of both off-line and on-line processing. The contribution of this paper is orthogonal to that work, that is, it could be integrated within any version of the spectrum (with the exception of the exclusively on-line one) in order to reduce backtracking steps in any reconstruction.

The exchange of events among components dealt with in this paper, being both asynchronous and buffered, is peculiar to the active system approach only. One might argue that providing a specific modeling primitive, namely the link, for the structural objects that implement asynchronous buffered communication between components, along with specific methods for dealing with them, just increases the expressive power of the method but does not alter its computational power at all. In fact, each link could be replaced by a common component, whose behavioral model represents the link behavior, and, therefore, synchronous composition of automata would suffice. This is correct in principle but scarcely feasible in practice, for many reasons. First, the size of the behavioral model of such a component depends not only on the capacity of the link buffer but also on the number of distinct kinds of events that can be transmitted on the link. For instance, let us consider a link with capacity equal to three, on which four kinds of events, say a, b, c, and d, can be transmitted. As each state of the component representing the link is uniquely identified by the sequence of events in the buffer, the
behavioral  model  of  such  a component  has  ^ states! 

So large a model is a burden for history reconstruction. In fact, the model may be unduly large, as it includes even states that are physically impossible given the system structure, since they correspond to sequences of events that cannot be generated.
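The state-count argument above, as an added example (not the paper's code): the first function enumerates every buffer content of a link modelled as an ordinary component (capacity three, four event kinds), and the second keeps only the contents such a FIFO link can actually hold when fed by a constructed four-state cyclic producer, assuming that the buffer content is always a contiguous window of the producer's output trace.

```python
from itertools import product


def link_component_states(event_kinds, capacity):
    """All states of a link modelled as a common component: one state per
    possible buffer content, i.e. every sequence of at most `capacity` events
    drawn from `event_kinds` (the empty buffer included)."""
    states = set()
    for length in range(capacity + 1):
        states.update(product(event_kinds, repeat=length))
    return states


def generable_link_states(producer, initial, capacity, horizon):
    """Buffer contents the system structure can really produce. With a FIFO
    link the buffer always holds a contiguous window of the producer's output
    trace, so only windows of length <= capacity are physically possible.
    `producer` maps a state to a list of (event, next_state); `horizon` bounds
    the length of the explored output traces."""
    windows = {()}
    stack = [(initial, ())]
    while stack:
        state, trace = stack.pop()
        for start in range(len(trace)):
            for end in range(start + 1, min(len(trace), start + capacity) + 1):
                windows.add(trace[start:end])
        if len(trace) < horizon:
            for event, nxt in producer.get(state, []):
                stack.append((nxt, trace + (event,)))
    return windows


# Constructed producer: a four-state cycle emitting a, b, c, d in turn.
CYCLE_PRODUCER = {0: [("a", 1)], 1: [("b", 2)], 2: [("c", 3)], 3: [("d", 0)]}

if __name__ == "__main__":
    print(len(link_component_states("abcd", 3)))                # 85
    print(len(generable_link_states(CYCLE_PRODUCER, 0, 3, 8)))  # 13
```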

Besides,  as  remarked  above,  such  a model  depends  on  the  kinds 
of  events  that  can  be  transmitted  on  the  link,  that  is,  it  depends  on 
the  producer  component  of  the  link  at  hand.  This  is  somewhat  in 
contrast  with  the  philosophy  of  compositional  modeling,  according 
to  which  individual  component  models  are  reciprocally  independent. 

Instead, in the active system approach and, consequently, in this paper, a link is just the instantiation of a model encompassing only the terminals, capacity, and policy of the link, and such a model is independent of the structure of the system in which the link is instantiated. Of course, notwithstanding the modeling simplicity, link states are bound to emerge in the computation, sooner or later. The methods introduced in this paper are actually aimed at minimizing the number of physically impossible link states (and, hence, since a link state is a part of any active system state, the number of active space states) visited by the history reconstruction search algorithm. In short-sighted diagnosis, where a link state is represented as a sequence of events, not all sequences of events are considered but only those that can be generated given the system structure. In far-sighted diagnosis, where the state of one or several links becomes a record of indexes, the number of visited link states is further reduced: only those states are generated that can evolve towards a state wherein the link is empty.